azure-cosmos-ts
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [Secure Authentication Patterns]: The skill prioritizes the use of the
@azure/identitylibrary, recommendingDefaultAzureCredentialandManagedIdentityCredential. These methods are security best practices as they facilitate identity-based access control and avoid the risks associated with hardcoded or long-lived account keys.\n- [Safe Query Execution]: Documentation and code samples emphasize the use ofSqlQuerySpecfor parameterized queries. This is a critical security measure that prevents NoSQL injection attacks by ensuring that user input is treated as data rather than executable query logic.\n- [Credential Management]: The skill correctly demonstrates using environment variables (process.env) for sensitive configuration data like endpoints and keys, adhering to standard security practices for separating secrets from source code.\n- [Data Ingestion Surface]: The skill enables reading data from external sources (Azure Cosmos DB), which is its core purpose. While this is intended, it is useful to note the data handling flow:\n - Ingestion points: Data enters the agent context through
container.items.query()andcontainer.item().read()calls as shown inSKILL.mdandquery-patterns.md.\n - Boundary markers: The examples focus on SDK usage and do not explicitly define delimiters for agent context processing, which is standard for library documentation.\n
- Capability inventory: The skill provides a full suite of document management capabilities, including create, upsert, replace, patch, and delete operations.\n
- Sanitization: The implementation of parameterized queries serves as a robust sanitization layer for data being sent to the database.
Audit Metadata